ARP-spoofing defense

On Wed, 2007-03-14 at 10:52 -0600, Topher Fischer wrote:
> Also, in my mind, the solution to this problem seems too easy. I must
> be missing something. Why do machines even pay attention to ARP replies
> that they did not solicit? Why isn't ARP just implemented so that when
> a request is sent out, then any matching replies are processed and
> nothing more? What am I missing here?
I "researched" this one time too. What I found was that Linux and Cisco
devices were not vulnerable to ARP spoofing because they did just as you
outline. I looked through some of the ARP code in Linux and that
appeared to indeed be the case, although I can't say I know that for
sure. Windows was easily spoofed however.
Corey